Mangadex just posted that they were hacked. https://mangadex.org/thread/446243 The hacker made off with the Mangadex user database, among other things. All passwords were stored in a secure and encrypted format, but you should change your password on Mangadex and any other site where you used the same password as Mangadex just in case. I've posted the forum post from Mangadex below since the site is timing out a lot right now.
Security is a full time job. So many attack vectors and new ones popping up every day. It doesn't help that the only way to really secure something is to make it so that you yourself can't get in...
Yeah, it's become a weekly occurence where i get emails that people are trying to reset my passwords or have done so, anything from facebook to sony account or 10 year old world of warcraft ones. If you don't have two-step authentication you're not safe.
18WSPrCVbBqE3fcsxmRyX4MHf7huhdkHvG is MangaDex's bitcoin wallet address. They have about .12 BTC in the account, which is just shy of $7k. 0x0BB95fE37dc1458aAc692E0E9b44F9852B2Aa6Ec is their ethereum wallet address. They have around $2k in that wallet. Between the two, it would be almost enough to pay the hacker.
I’ve got pretty much all my important stuff 2 stepped, so I’m not going to bother... sucks for md. I really don’t get the mindset of doing something like this. I mean, I know why, I just don’t get why.
I managed to make it work. Took about 5 minutes of reloading. If you use a password manager, make sure to copy your old password in case the site decides to time out at the password change prompt after you've input a new password and changed it in your password manager.
I've managed to make it work, but it took a lot longer than 5 minutes. The "saving" button seems to be loading eternally rather than telling you when it's finished applying the changes. Had to log out and try logging back in to confirm it had worked.
Does this have anything to do with DDoS that Mangadex mod said in the forum when the site got a bunch of 500 errors? Nothing goes right for Mangadex nowadays.
It's way too early to say who was behind it, and we may never know for sure. It's possible that the two are linked, but it may have just been a coincidence that the hack took place around the time of the DDoS attack. Since what MangaDex does is dubiously legal at best, and likely illegal in most of the developed world, we may never see a full investigation into either the hack or DDoS by anyone with enough experience, power, and access to get to the bottom of the whole thing.
I can give him my username and pass free Spoiler: username and password username:suckmycock password:Lickmydick*
They genuinely asked for 10k BTC. (woulez is one of the mods on Mangadex discord, so I'd assume he would know)
If the hacker was negotiating in good faith, he must have meant $10k worth of BTC. MangaDex lists their ETH and BTC wallets on their support page. They have around $9k in crypto right now. Asking for $10k makes a lot of sense if the hacker checked the value of the wallets. Asking for nearly half a billion dollars worth of BTC is a complete waste of time... unless Elon Musk happens to be involved with MangaDex. It's also possible the hacker was just trolling and really meant 10k BTC. I'll leave that for you to decide. Whether the hacker meant 10k BTC or $10k worth of BTC, MangaDex did the right thing to not pay the hacker. EDIT: 10K BTC is over half a billion dollars now. As of this post, that would be $568 million before transaction fees.